"So unfortunately the DNSSEC trust relationships depend on sketchy organizations and governments, just like the current CA system."
Posted Aug 31, 2011 0:50 UTC (Wed) by tialaramex (subscriber, #21167)
Secondly his emphasis on trust "agility" that's useless to everybody but a tiny number of nerds like Marlinspike or myself. My mother isn't going to spend hours every week reconsidering her choice of authority, she isn't even going to spend ten minutes a year. She'll accept the out of box default like every other user, the same situation (and thus the same problem) as we have now.
Finally Marlinspike's confusion between the root operators and ICANN is either ignorant (in which case who cares what somebody who doesn't know the first thing about DNS thinks?) or malicious. ICANN lacks the technical capability to do what this blog entry suggests, the KSK isn't in their possession so they simply can't create the imaginary alternate key hierarchy needed for such spoofing. Manipulating ICANN is a very different thing from going after the root operators, either in the form of the corporations and other legal entities or the actual men-with-beards who perform the public key ceremonies.
Fraudulent *.google.com certificate issued
Posted Sep 1, 2011 20:54 UTC (Thu) by job (guest, #670)
Posted Sep 6, 2011 4:14 UTC (Tue) by clint (subscriber, #7076)
Posted Sep 6, 2011 7:45 UTC (Tue) by job (guest, #670)
But the point here is that I can choose which TLD I register my domains under, and trust is not implicitly delegated between them. Even if the .xxx top level domain (as a completely made up example) is run by greedy or incompetent people they can't create a mess for anyone else, as opposed to the current CA model where DigiNotar can sign "CN=*.*.com".
That is not just an implementation detail, it's a fundamental difference.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.